If you manage multiple groups and/or resources together, or need to share data between teams, the IDM team can create a defined role for you.

What is a Defined Role?

Defined roles in IDM are just that: roles that are defined by an IDM user and set up by an IDM admin. Defined roles (which one could think of as advanced role-based sharing) are a powerful mechanism that makes it easy to enable access to the proper LC hosts and groups based on the user's project. When a new person is added to a project, they only need to be added to the associated defined role, which then automatically grants the user all of the needed host and group permissions.

Requesting a Defined Role

An LC Coordinator can request the creation of a new defined role by sending a request to the LC IDM team at lc-idm-admin@llnl.gov. The information needed for a request includes:

  • The name of the role
  • Which networks the role is needed in (OCF, SCF, SNSI)
  • The LC groups and LC hosts which should be managed together (i.e., the access being granted by membership in the role)
  • The OUNs of the people who can approve membership changes for this role
  • Required membership traits (e.g., US citizen, Q-Clearance)

Adding or Removing Members of a Defined Role

See IDM—Add or Remove Role Members to manage role membership.